instrument-integration
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs project analysis by reading standard dependency files (e.g., package.json, requirements.txt) to identify the application framework, which is necessary for its stated purpose of SDK integration.
- [SAFE]: SDK installation is handled through legitimate package managers (npm, pip, pnpm, etc.) using official package names like 'posthog-js' and 'posthog-node'.
- [SAFE]: Secret management is handled correctly by retrieving API tokens via a PostHog MCP server tool and writing them to framework-appropriate environment variable files (e.g., .env or .env.local), avoiding hardcoding.
- [SAFE]: All external URLs and repository references in the documentation and examples point to official PostHog domains (posthog.com) and infrastructure, with no evidence of typosquatting or redirection to untrusted sources.
Audit Metadata